[CentOS] CentOS 6.3 - fail2ban not working properly + workaround

Tue Mar 12 15:51:10 UTC 2013
Theo Band <theo.band at greenpeak.com>

On 10/17/2012 05:51 PM, SilverTip257 wrote:
> I recall others on this list are using fail2ban to block brute force
> login attempts.
> Packages are from the EPEL repo, so I'm just sharing some knowledge here.
>
> For about two months now I've had a CentOS 6.3 box (web host) in
> production that occasionally is ftp brute forced.
> Oddly enough fail2ban wasn't nabbing the perpetrators.  I found that
> the iptables chain for VSFTP isn't created for one.
>
> I have finally come to find [0] that indicates there's a problem with
> the inotify backend.
> Setting backend=gamin in /etc/fail2ban/jail.conf gives me the iptables
> chain I expect to find and one blocked host.
>
> Hope this is helpful to somebody until a new version is committed to EPEL.
>
> <quote>
> yarikoptic:
> ok -- that point was not yet good ;) now (0.8.6-95-gc0c1232) that
> branch seems to work just perfect. If I hear no complaints or do not
> see problem with my instance -- I will merge it into master tomorrow,
> thus closing this issue
> </quote>
>
> [0] https://github.com/fail2ban/fail2ban/issues/44
>

Thanks for the tip (I know it's a very old message).
I have updated recently to 6 and see that fail2ban ssh dos no longer
works. Indeed after log rotate fail2ban seems to follow the old log file
instead of the newly created /var/log/secure.
I had backend = auto in /etc/fail2ban/jail.conf and gamin and pyinotify
are both installed. I now changed backend to gamin and give it another
try. The next log rotate is next week....
Anyone else using fail2ban with CentOS6 installed from epel?

fail2ban-0.8.8-2.el6.noarch on CentOS6.4

Theo
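
The symptom described in this thread (the daemon still reading the pre-rotation file instead of the new /var/log/secure) can be confirmed without waiting for a missed ban by comparing the inodes a process holds open against the inode the log path currently names. The following is an added example, not part of the original messages and not fail2ban code; the function names are hypothetical, and it assumes Linux /proc and a rotation that renames the old file.

```python
import os
import tempfile

def log_handles(pid, logpath):
    """Split the fds of `pid` into those on the live log and those on a rotated copy.

    Returns (live, stale): live is a list of fd numbers whose inode matches what
    `logpath` names right now; stale is a list of (fd, target) still open on a
    renamed or deleted file whose name starts with `logpath`.
    Linux only (/proc); inspecting another user's process needs root.
    """
    logpath = os.path.realpath(logpath)
    want = os.stat(logpath)
    live, stale = [], []
    fd_dir = "/proc/%d/fd" % pid
    for name in os.listdir(fd_dir):
        link = os.path.join(fd_dir, name)
        try:
            st = os.stat(link)          # follows the link to the open file itself
            target = os.readlink(link)  # current name, e.g. ".../secure.1"
        except OSError:
            continue                    # fd was closed while we were scanning
        if (st.st_dev, st.st_ino) == (want.st_dev, want.st_ino):
            live.append(int(name))
        elif target.startswith(logpath):  # heuristic: rotated names share the prefix
            stale.append((int(name), target))
    return live, stale

def demo():
    """Constructed scenario: this process plays the log follower across a rotation."""
    path = os.path.join(tempfile.mkdtemp(), "secure")
    open(path, "w").close()
    reader = open(path)                 # handle opened before rotation
    before = log_handles(os.getpid(), path)
    os.rename(path, path + ".1")        # logrotate renames the old file...
    open(path, "w").close()             # ...and a fresh log is created
    after = log_handles(os.getpid(), path)
    reader.close()
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before rotation:", before)
    print("after rotation: ", after)
```

Run as root against the PID of the fail2ban server process and /var/log/secure: an empty live list together with a non-empty stale list after a rotation means the jail is watching a file that no longer receives new entries.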